PlaceRaider quietly builds a model of your world as seen through your Android smartphone.

Tinfoil hats at the ready, ladies and gentlemen: Researchers at the United States Naval Surface Warfare Center in Crane, Indiana, in cooperation with scientists from the University of Indiana, recently set out on a mission to see what security flaws they could uncover in smartphone devices running on Android 2.3 and above. After a few months of tinkering, their investigations led them to create a piece of smartphone malware that silently takes photos using your device's camera, uploads them to a central database, and then uses the photos to construct a 3D image of your surroundings for the purpose of stealing things from said surroundings at a later date.

The team named their sneaky malware PlaceRaider, and described details of its use by saying that "remote burglars" could use it to "download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information)." In addition to visual information stolen from your camera, the malware also picks up location and orientation data from across your smartphone's sensors that enable it to place you, quite precisely, in the world. A simple image filter designed to detect extremely dark or blurry image patterns stops the app from inundating its servers with pictures of the inside of your jacket pocket. Any noises associated with its activities - such as the little shutter noises some smartphone cameras make - are disabled. All in all, it's a pretty impressive piece of work.

According to the researchers, PlaceRaider would gain access to your phone by basically sneaking in behind a legit-sounding download that asks your permission to access your phone's sensor systems (think Instagram, for instance, or one of its ilk). Once inside, it would run as a background program.

In order to test the malware, the team gave 20 unsuspecting smartphone fans an infected phone each and set about testing how much personal information they could glean from the data the malware sent back. In doing so the team discovered that, A) The photos are really pretty good for stealing information and, B) The photo-generated 3D models are even better for stealing information. Neat, huh?

Oh, and before anyone with an iPhone thinks of getting on some kind of Android-is-inferior shaped horse over this, it's worth noting that the app's creators "expect such malware to generalize to other platforms such as iOS and Windows Phone." We're all in this together, friends.

While there are infinite upsides to living in a super-connected, tech-based world, exploitable security flaws of this kind (not to mention those present in desktop computers; Flame says hello) serve as sobering reminders of the potential downsides. This time, it was a benign team of scientific researchers who found the flaw and exposed it to the world, dragging it out into the light and reminding us to pay attention to what permissions an app asks for when we consider downloading it. The era of smartphone-based antivirus programs is almost here, but til then, I hear tinfoil's set to be one of the hottest trends of winter 2012/13. That hat is so totally you.
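The permission check recommended above can be made mechanical. The following is an added example, not code from the article or from the PlaceRaider researchers: it reads an app's manifest (assumed to be already decoded to text XML) and flags the camera-plus-network combination that the capture-and-upload behaviour described here depends on. The sample manifests and package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
CAMERA = "android.permission.CAMERA"
INTERNET = "android.permission.INTERNET"
LOCATION = {"android.permission.ACCESS_FINE_LOCATION",
            "android.permission.ACCESS_COARSE_LOCATION"}

# Constructed sample manifests (hypothetical apps, not real packages).
SAMPLE_PHOTO_APP = """<manifest package="com.example.photofilter"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
SAMPLE_FLASHLIGHT = """<manifest package="com.example.flashlight"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest declares."""
    perms = set()
    for elem in ET.fromstring(manifest_xml).iter():
        # uses-permission-sdk-23 is the API 23+ variant of uses-permission.
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def audit(manifest_xml):
    """Flag the capture-and-upload permission combination."""
    perms = requested_permissions(manifest_xml)
    findings = []
    if CAMERA in perms and INTERNET in perms:
        findings.append("camera + network: can take photos and upload them")
        if perms & LOCATION:
            findings.append("location: photos can be tied to a place")
    return findings


if __name__ == "__main__":
    for label, xml in (("photofilter", SAMPLE_PHOTO_APP),
                       ("flashlight", SAMPLE_FLASHLIGHT)):
        print(label, audit(xml) or "no capture-and-upload combination")
```

A finding here is a prompt to ask whether the app's stated purpose needs that combination, since plenty of legitimate camera apps request the same set.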

Anything's hackable, so long as you can get at it or have access to it through the internet. Besides, I'm sure the American military is working on way cooler projects that can work against their own country as we speak! So awesome right?!

Hevva: Researchers at the United States Naval Surface Warfare Center in Crane, Indiana, in cooperation with scientists from the University of Indiana, recently set out on a mission to see what security flaws they could uncover in smartphone devices... ...construct a 3D image of your surroundings...

I thought Wayne Enterprises already had produced one of these. Theirs was a lot cooler too.

It would be Back Orifice all over again, in glorious 3D. You wouldn't believe the transparency granted from random citizens and corporations. Scientology freaks, pedophiles, ISPs... they were all up for grabs, and it was splendid comedy, drama and horror all rolled into one. That was some splendid fun. The most activity for seemingly coordinated amateur spying we could trace came from Turkey, other Arab states and China. Guess they just couldn't resist some free remote administratin'.

They were running a public experiment with a university. Experiments like these are designed to counter cybercrimes/terrorism and learn how to fight them, not to use them against citizens. At least that is how they start...

jetriot: They were running a public experiment with a university. Experiments like these are designed to counter cybercrimes/terrorism and learn how to fight them, not to use them against citizens. At least that is how they start...

In all seriousness - imagine this app as a friendly little helper in the hands of an officer in the field - instant 3D maps of any location. Something like the little scanners in Prometheus.

But even if they DID get my camera on my phone to work, I don't really care as all they'd get is photos of my ceiling or inside my pants. And if they want photos of the inside of my pant pockets that badly, they can have them. :P

I don't think this kind of software would manage to do much with my phone. If the phone isn't in my pocket it's lying with the camera face down on my night stand. I'm sure they'll get great pictures during the 3 seconds it's in midair and pointed at my wall 6 inches away though.

So then, not so much a massive gaping security hole in the system as a severe case of PEBKAC? Or am I the only one who does careful research before I install anything on any device which requires user permissions and doesn't get their phone software from shifty Russian torrent sites?

I mean come on guy, this is like saying all computers have massive security flaws because some among the ranks of the cretinously tech-inept think that clicking the link on the flashing "YOU AR THE 1000TH WINNER OF THE PRIZE CLICK HARE!!!" popup that showed up on their screen is a good idea. Or that email is inherently insecure because there really are people out there gullible enough to think that an exiled Nigerian prince needs their help to secure their millions.

There are precisely two locations they would glean from my phone. My pocket and my bedroom, and if they don't take fairly frequent photos they'll probably only get the back of my TV, my door, and some of my bed. Congratulations, you now know - oh wait s*** my planner is on the back of my door.